Ask HN: Someone is harassing me online, using my personal info. What can I do?
I am the admin of a relatively large forum site, and recently had to ban one user. Without going too much into the details, the user got extremely heated and researched my personal information online, found my CV and also where I'm currently doing my PhD studies. He has also built a blog site recording all my personal info/phone numbers/family members, etc. and sending them to my supervisors with a request that I be terminated due to unethical behavior. As I'm currently in Germany, you can imagine how this might cause a lot of confusion with my superiors.
So my question is, is there anything I can do to stop this individual? I have some basic information about this guy which I can report to some authorities (list of IP addresses, email address) but as he's located in Egypt, I'm not sure there's any good that these will do. Really looking for some help in dealing with this matter, and talking to this guy directly will probably not solve anything (maybe even just make it worse since he'll think he's winning).
45 comments
[ 3.2 ms ] story [ 97.7 ms ] threadI ban 100's of people daily on my own website and have run in on multiple occasions to people who love nothing more than to ruin other people's lives online from the relative shelter of online anonymity.
Worse still, authorities usually don't lift a finger (unless there is child pornography involved or the victim is a politician or a relative of one) and if they do move it is at a glacial pace.
If you know who he is then a letter from a lawyer might help, if you only know IP addresses and a general location then you are facing a long and hard battle.
Going back through your server log might help you to figure out more information about this person, maybe he's made multiple accounts, maybe one of his aliases shows up in google allowing you to figure out more about him. Any work you can do prior to hiring the lawyer will likely result in some acceleration or maybe even prompt resolution.
The only reason this works is because there is an information asymmetry between you and your attacker, he knows all there is to know about you and you know nothing to very little about him.
As for your superiors, if they would act on anonymous complaints sent over the internet rather than have a good laugh at it then you should probably explain that anybody with an axe to grind can attack anybody else on the net in this way for no particular reason.
Best of luck with all this.
I don't have his physical address, so not sure how I could get a letter delivered. Perhaps some kind of tool exists to bait him into giving me his geo coordinates?
The supervisors are not too pleased with getting 10-15 emails this morning, with a PDF of my personal information and other harrassing information related to my work for the site, which takes place off-work.
The fact that they assign any value to this at all is certainly worrisome.
If you send me an email privately (jacques@mattheij.com) with what information you currently have on the guy then I may be able to give you a hand (no promises though).
I can't imagine a lawyer, billing hourly, being any more effective at persuading a probably mentally unhinged person apparently based in Egypt to shut up.
As for the Egyptian police, they're pretty busy silencing dissidents already...
Wait, what? How does that describe an "altruistic hacker"?
He doesn't want a merc hacker, he wants one with shared ideals.
Those merc hackers are dangerous, ya know.
Well, I snorted appreciatively when I read it, at least.
(This is why I dislike downvoting. Ignore ideas you dislike, flag abuse, but downvote "honest opinions"? Hmm. Sure, that begs the question of abuse Vs honest opinions, but that is the purpose of discussion and reason: To sort the abuse from the honest opinions, to accept and improve upon the latter.)
Some people just won't give up until they get a taste of their own medicine, and on the internet it is all fun and games until your name and address are out in the open.
The fun bit is that once that happened we (usually, we do have a couple of hold-outs) could conclude those cases swiftly.
I'm curious why you chose to downvote rather than reply and advise?
I'm not trying to bait you, just trying to understand.
(Full disclosure: I think this is another flaw in the whole downvote concept - it provides us a way to make us feel we have registered a contrary opinion without requiring that we take the time to offer - and, if necessarily, defend - the counter thought. There have been quite a few times I've started a reply only to abandon it when I realized what I was signing on for. My thoughts are not so important I feel the need to register them at any cost. Of course, there have been a few times when I have blazed along righteously only to regret a few minutes later, and have been noticeable in my absence from subsequent discussion. But those aren't quite as frequent. I hope.)
Now, jacquesm's reply is making me regret my downvote.
Also, I agree with what you think about downvotes. I think HN should have a detector of potentially stupid comments (e.g "u re a fag") that could be downvoted without giving a reason, and the rest (comments similar to skidoo's comment) could be downvoted only after giving an explanation.
Partly as a result of this discussion.
MOi ha ha ha... uh oh.
;-P
(A quick search reveals no FF extensions to disable downvoting. I guess I could put rotate180 in user.js....)
As for the GGP comment, he advised to get the help of a 'hacker to hunt him down' not to hack him back. That's a world of a difference.
http://plato.stanford.edu/contents.html
Not giving in to blackmail is not about black and white, it's about black and black. And from a logical perspective, you don't mean "dualistic", you mean "excluded-middle" or "false dilemma".
http://en.wikipedia.org/wiki/False_dilemma
I don't have an opinion on the blackmail topic. But the blackmail was preceded by a governance decision and other communities can provide advice or useful precedent. Even when the blackmail issue with this one person is addressed, the governance issue will remain and can re-appear at any moment.
Since solving the governance issue will have to be done at some time in the future, it can be done now and offers some chance of de-escalation. The blackmail issue can still be addressed through other means, including legal. But de-escalation helps everyone, now.
Not with someone who has already engaged in illegal behavior, as in this case (if the perpetrator and the victim lived in the same country, the perpetrator could be arrested for harassment). The perpetrator has already proven his rejection of civilized behavior, so dealing with him on that basis becomes foolishly one-sided.
Banning is a governance issue for any community. If the community is large enough, there may be other senior (by time and participation) community members willing to act in a leadership role. Ask for their help in formalizing the ban process.
The governance group (ideally excluding you) can engage the currently banned person in a public process on the forum, where terms of engagement are defined by the community, not lawyers or countries or emotional individuals.
If the costs (time, money, risk) of maintaining a forum become too high, other admins have closed their forum. Presumably the aggrieved party simply wants to participate in the forum, not destroy it.
There should probably be an open discussion on the forum engaging members and other moderators where the banned user can see it. Let them discuss the ban as well as the subsequent harassment and honor their decision.
I am a former admin of a large forum. I let trolls and spammers wear me down over years and regret that I did not handle some things openly.
This is a very, very bad idea -- it's on a par with negotiating with terrorists.
> Maintaining control over your life and online reputation is more important than keeping him banned.
You seem not to realize that, by giving in to blackmail, one surrenders control of one's life to the next person who wants to engage in harassment. Also, what's to stop the original perpetrator from gloating about his victory over you and resuming or escalating his unacceptable behavior?
No, this is not an option.
Better to completely ignore the guy. And to tell your bosses and family about it and to tell them to ignore it too. That's the least effort for the most return.
Get one of your supervisors to contact the guy and lie to him that you have been fired, take on a new username and stop posting non-anonymous stuff with it.
Can you get his infos from the blog?
CLEARLY DOCUMENT EVERYTHING. At some point in the future you may want to go to the police and having everything they need neatly laid out is helpful to them.
If that doesn't work, or they're based in Egypt which is going to make legal action difficult, you might be best off to ignore them completely. They're looking for a response. They want to see you upset, they want to see you in a panic, they want to see you begging them to stop, etc. If you ignore them, and never respond or talk again, they'll likely move on with their life. They're not going to maintain a blog on you forever, that takes time, and if they're getting nothing in return, they'll stop, although it might take weeks or months.
Now, work on preventing this in the first place. I had my community hosted on the same servers as my personal projects (small startup, didn't realize it was going to grow to the current size), and this allowed people to connect the dots to my name by looking up the server IP and related sites. I'm in the process of trying to separate my personal identity from my community, and to reduce the trail leading back to me. I can't recall how many people are banned from my community, but it's in the area of 5,000. I'm surprised I haven't had more personal attacks, but it's only a matter of time, so I'm trying to separate things before it occurs again. You might want to do the same if possible.
They don't usually realize the consequences (even if warned) until it is too late.
But as a website operator I'd always make sure to attach both my corporate and personal identity with the service.
Why appear like a scam when you're not?